mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-06-08 16:33:58 +02:00
ezl-keygraph
77e300d52a
* feat: mount user repo as read-only with deliverables bind-mount overlay * feat: add playground and .playwright-cli overlay mounts * feat: add filesystem context to pipeline-testing prompts * fix: use explicit REPO_PATH in filesystem prompt for clarity * fix: update filesystem prompts with playground notes and absolute screenshot paths * feat: namespace writable overlays under .shannon/ to avoid polluting host repo * refactor: rename playground to scratchpad * fix: redirect playwright-cli output to writable .shannon/ overlay * fix: pre-create .shannon/ overlay mount points for Linux compatibility * fix: exclude nested node_modules and dist from Docker build context * fix: enforce LF line endings for shell scripts on Windows
32 lines
2.0 KiB
Plaintext
32 lines
2.0 KiB
Plaintext
@include(shared/_filesystem.txt)
|
|
|
|
## 🧪 Pipeline Testing: Session Isolation Test for Injection Exploitation Agent
|
|
|
|
**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing.
|
|
|
|
### Step 1: Test Browser Isolation
|
|
1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session:
|
|
```
|
|
playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com
|
|
```
|
|
|
|
2. Take a screenshot to prove isolation:
|
|
```
|
|
playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "{{REPO_PATH}}/.shannon/scratchpad/injection-exploit-test.png"
|
|
```
|
|
|
|
3. Log the test results:
|
|
```
|
|
console.log("🔴 INJECTION EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com")
|
|
```
|
|
|
|
### Step 2: Create Required Deliverable
|
|
Run the save-deliverable CLI:
|
|
```
|
|
save-deliverable --type INJECTION_EVIDENCE --content '# Injection Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Vulnerability Type:** SQLi | CommandInjection | LFI | RFI | SSTI | PathTraversal | InsecureDeserialization\n- **Method:** [Type-specific exploitation method]\n- **Evidence:** Successfully executed test payload\n- **Impact:** Demonstrated ability to manipulate [database queries | system commands | file system | template engine | deserialization]\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-XX\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}'
|
|
```
|
|
|
|
This will automatically create `.shannon/deliverables/injection_exploitation_evidence.md`.
|
|
|
|
### Step 3: Verify Session Isolation
|
|
This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. |